Saturday, May 24, 2008

ASP.NET Webservice TIP

To allow only the required protocols for the web service you are creating, you can use the following in the web.config file.

<webServices>
  <protocols>
    <remove name="Documentation"/>
    <remove name="HttpGet"/>
    <add name="HttpPost"/>
  </protocols>
</webServices>

Only the required protocols should be enabled for the web service. If you leave the documentation protocol enabled, any malicious user can access it and get information about your web methods. Using that information, an attacker can become a threat to your web service.

The above section in the web.config file only allows the POST method. Users will not be able to call your web service using the GET protocol.
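
To check a web.config against this tip, the following added example (not part of the original post) computes which web service protocols end up enabled once the remove/add entries are applied. The inherited protocol list is an assumption based on the .NET 2.0+ machine.config defaults, and the function names and sample configs are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Assumption: protocols inherited from machine.config (.NET 2.0+ defaults).
INHERITED = ("HttpSoap", "HttpSoap12", "HttpPostLocalhost", "Documentation")
UNWANTED = ("Documentation", "HttpGet")  # the two the page removes

def local(tag):
    """Element name without an XML namespace prefix."""
    return tag.rsplit("}", 1)[-1]

def effective_protocols(config_xml, inherited=INHERITED):
    """Apply <clear/>, <remove> and <add> in document order to the inherited set."""
    enabled = set(inherited)
    for ws in ET.fromstring(config_xml).iter():
        if local(ws.tag) != "webServices":
            continue
        for protocols in (c for c in ws if local(c.tag) == "protocols"):
            for entry in protocols:
                action, name = local(entry.tag), entry.get("name")
                if action == "clear":
                    enabled.clear()
                elif action == "remove":
                    enabled.discard(name)
                elif action == "add" and name:
                    enabled.add(name)
    return sorted(enabled)

def audit(config_xml, inherited=INHERITED):
    """Return the unwanted protocols that are still enabled."""
    enabled = effective_protocols(config_xml, inherited)
    return [p for p in UNWANTED if p in enabled]

def wrap(protocol_entries):
    """Place protocol entries inside a minimal web.config skeleton."""
    return ("<configuration><system.web><webServices><protocols>"
            + protocol_entries +
            "</protocols></webServices></system.web></configuration>")

# Constructed samples: the page's settings, a weak variant, and no section at all.
PAGE_CONFIG = wrap('<remove name="Documentation"/><remove name="HttpGet"/>'
                   '<add name="HttpPost"/>')
WEAK_CONFIG = wrap('<add name="HttpGet"/><add name="HttpPost"/>')
NO_SECTION = "<configuration><system.web/></configuration>"

if __name__ == "__main__":
    for label, cfg in (("page", PAGE_CONFIG), ("weak", WEAK_CONFIG), ("none", NO_SECTION)):
        print(label, effective_protocols(cfg), "still exposed:", audit(cfg))
```

Under the assumed defaults, a web.config with no webServices section still reports Documentation as enabled, so the absence of the section is not the same as the hardened setting.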
